Logstash how to transform custom json data to multiple data

Hi, I use Logstash 6.1.1, and use http plugin put json data to logstash.
some data like:

	"@timestamp": "2018-01-09T02:50:59.776Z",
	"headers": {
		......
	},
	"key1": "value1"
	"key2": "value2"
	"logs": ["2018-01-09 02:35:14.365 [main] message1", 
			 "2018-01-09 02:35:15.365 [Launcher] message2", 
			 "2018-01-09 02:35:16.365 [main] message3", 
			 "2018-01-09 02:35:17.365 [main] message4", 
	......
	]
}

and I want split and transform this data to multiple data like

{
	"@timestamp": "2018-01-09T02:50:59.776Z",
	"headers": {
		......
	},
	"key1": "value1"
	"key2": "value2"
	"log": "2018-01-09 02:35:14.365 [main] message1"
	"logTime": "2018-01-09 02:35:14.365",
	"thread": "main",
	"message": "message1"
	]
}

{
	"@timestamp": "2018-01-09T02:50:59.776Z",
	"headers": {
		......
	},
	"key1": "value1"
	"key2": "value2"
	"log": "2018-01-09 02:35:15.365 [Launcher] message2"
	"logTime": "2018-01-09 02:35:15.365",
	"thread": "Launcher",
	"message": "message2"
	]
}
......

How can I do? Thanks for view.

Try the split filter.

 split {
   field => "logs"
   target => "log"
 }

thanks, use split and grok filter.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.